// AVZ remediation script written for one specific host: it quarantines and then
// deletes the files, services and directories listed below, and reboots.
// Every path is hard-coded (user profile CHEKH, GUID-named folders), so the script
// must not be reused on another machine without re-deriving the targets from that
// machine's own logs.
begin
// Warn the user (in Russian) that network connections will be closed and are
// restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service via net.exe so nothing can talk to the network during cleanup.
// Remaining arguments are presumably window mode, a 15000 ms wait and terminate-on-timeout;
// confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Stop the netfilter2 service before its driver file is quarantined below.
StopService('netfilter2');
// Quarantine individual files first, so samples are kept before anything is deleted.
// NOTE(review): czpjx.dll, Steak.dll and netfilter2.sys are quarantined here but are
// not deleted anywhere in this script.
QuarantineFile('C:\Users\CHEKH\AppData\Local\Steak\{31E5B248-1799-F4EE-78F6-94DB9EEA38B5}\czpjx.dll', '');
QuarantineFile('C:\Users\CHEKH\AppData\Local\Steak\{31E5B248-1799-F4EE-78F6-94DB9EEA38B5}\Steak.dll', '');
QuarantineFile('C:\Users\CHEKH\AppData\Local\SmartWeb\SmartWebHelper.exe', '');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys', '');
QuarantineFile('C:\Windows\system32\drivers\netfilter2.sys', '');
QuarantineFile('C:\Program Files (x86)\4015E747-1451140440-331C-895C-88AE1D768210\hnsn65D7.tmp', '');
// Quarantine executable and script files (*.exe, *.dll, *.sys, *.bat, *.vbs, *.js) from
// each directory that is wiped further down. The third argument (true) presumably
// enables recursion into subdirectories; verify against the AVZ reference.
QuarantineFileF('C:\Users\CHEKH\AppData\Roaming\istartpageing\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\Users\CHEKH\AppData\Roaming\MailProducts\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\AnySend\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\Mail.Ru\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\4015E747-1451140440-331C-895C-88AE1D768210\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Mail.Ru\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
// Delete individual files. The second argument ('32' / '64') looks like a
// 32-/64-bit selector; confirm its meaning before editing.
DeleteFile('C:\Program Files (x86)\4015E747-1451140440-331C-895C-88AE1D768210\hnsn65D7.tmp', '32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys', '32');
// This path is under system32\Tasks, i.e. a scheduled-task definition rather than a binary.
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task', '64');
DeleteFile('C:\Users\CHEKH\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
// Remove service registrations. 'wucotusy' has no matching file entry in this script.
DeleteService('swsedrvr_vt_1_10_0_25');
DeleteService('wucotusy');
// Wipe directory contents with mask '*'. This is broader than the extension list
// quarantined above, so files of other types are deleted without a quarantine copy.
DeleteFileMask('C:\Users\CHEKH\AppData\Roaming\istartpageing', '*', true);
DeleteFileMask('C:\Users\CHEKH\AppData\Roaming\MailProducts', '*', true);
DeleteFileMask('C:\Program Files (x86)\AnySend', '*', true);
DeleteFileMask('C:\Program Files (x86)\Mail.Ru', '*', true);
DeleteFileMask('C:\Program Files (x86)\4015E747-1451140440-331C-895C-88AE1D768210', '*', true);
DeleteFileMask('C:\ProgramData\Mail.Ru', '*', true);
// Remove the directories themselves once their contents are gone.
DeleteDirectory('C:\Users\CHEKH\AppData\Roaming\istartpageing');
DeleteDirectory('C:\Users\CHEKH\AppData\Roaming\MailProducts');
DeleteDirectory('C:\Program Files (x86)\AnySend');
DeleteDirectory('C:\Program Files (x86)\Mail.Ru');
DeleteDirectory('C:\Program Files (x86)\4015E747-1451140440-331C-895C-88AE1D768210');
DeleteDirectory('C:\ProgramData\Mail.Ru');
// BC_* calls presumably pass the pending tasks to AVZ's Boot Cleaner so that locked
// files are handled during the restart. ExecuteSysClean runs AVZ's system cleanup
// between them. Keep this order.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot to complete the cleanup. The user was warned by the message at the top.
RebootWindows(true);
end.
// Follow-up AVZ script, run separately: packs the quarantine into quarantine.zip in
// the AVZ program directory so the samples can be handed over for analysis.
// The archive holds suspected malicious files and should be treated as such.
begin
// 'CreateQurantineArchive' is spelled exactly as the script has it; do not "correct" it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=820031
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {8E8F97CD-60B5-456F-A201-73065652D099} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
start
CreateRestorePoint:
AlternateDataStreams: C:\ProgramData\TEMP:B755D674
AlternateDataStreams: C:\Users\Все пользователи\TEMP:B755D674
FirewallRules: [TCP Query User{B0FF3B67-D9D3-4B51-893C-33AED6D612CB}C:\users\chekh\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\chekh\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{BD110280-8351-484A-BC78-E325C04AEBAB}C:\users\chekh\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\chekh\appdata\roaming\acestream\engine\ace_engine.exe
HKU\S-1-5-21-3951187486-3232626147-1358031260-1000\...\Run: [AceStream] => C:\Users\CHEKH\AppData\Roaming\ACEStream\engine\ace_engine.exe
FF HKU\S-1-5-21-3951187486-3232626147-1358031260-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\CHEKH\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
S1 netfilter2; system32\drivers\netfilter2.sys [X]
2015-12-26 17:38 - 2016-01-05 22:13 - 00000000 ____D C:\Users\CHEKH\AppData\Local\Unity
2015-12-26 17:37 - 2016-01-05 22:13 - 00000000 ____D C:\Users\CHEKH\AppData\LocalLow\Unity
2015-12-26 17:36 - 2015-12-26 17:35 - 00333506 _____ (AnySend.com) C:\Users\CHEKH\AppData\Local\nstE471.tmp
2015-12-26 17:32 - 2016-01-05 23:24 - 00000000 ____D C:\netfilter2
2015-12-20 01:42 - 2015-12-20 01:42 - 00000000 ____D C:\Users\CHEKH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-12-26 17:36 - 2015-12-26 17:35 - 0333506 _____ (AnySend.com) C:\Users\CHEKH\AppData\Local\nstE471.tmp
EmptyTemp:
Reboot:
end
// AVZ remediation script for one specific host: quarantines and deletes the
// netfilter2 driver, removes its service, and quarantines executables from the
// Steak folder of user CHEKH. Paths are hard-coded and not portable to other machines.
begin
// Warn the user (in Russian) that network connections will be closed and are
// restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service via net.exe. Remaining arguments are presumably window mode,
// a 15000 ms wait and terminate-on-timeout; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Quarantine the driver before deleting it, so a sample is kept.
QuarantineFile('C:\Windows\system32\drivers\netfilter2.sys', '');
// Quarantine only: nothing under the Steak folder is deleted by this script.
QuarantineFileF('C:\Users\CHEKH\AppData\Local\Steak\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
// The second argument ('32') looks like a 32-/64-bit selector; confirm before editing.
DeleteFile('C:\Windows\system32\drivers\netfilter2.sys', '32');
// Remove the service registration that referenced the deleted driver.
DeleteService('netfilter2');
// BC_* calls presumably pass the pending tasks to AVZ's Boot Cleaner so that locked
// files are handled during the restart. ExecuteSysClean runs AVZ's system cleanup
// between them. Keep this order.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot to complete the cleanup.
RebootWindows(true);
end.
// Follow-up AVZ script, run separately: packs the quarantine into quarantine.zip in
// the AVZ program directory so the samples can be handed over for analysis.
// The archive holds suspected malicious files and should be treated as such.
begin
// 'CreateQurantineArchive' is spelled exactly as the script has it; do not "correct" it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
// AVZ remediation script for one specific host: quarantines executables from the
// Steak folder of user CHEKH, deletes the Steak/Steak2 entries under system32\Tasks,
// wipes the Steak folder and removes the netfilter2 service.
// Paths are hard-coded and not portable to other machines.
begin
// Warn the user (in Russian) that network connections will be closed and are
// restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service via net.exe. Remaining arguments are presumably window mode,
// a 15000 ms wait and terminate-on-timeout; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Quarantine executable and script files first, so samples are kept before the wipe below.
QuarantineFileF('C:\Users\CHEKH\AppData\Local\Steak\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
// Both paths are under system32\Tasks, i.e. scheduled-task definitions (a persistence
// point). The '64' argument looks like a 32-/64-bit selector; confirm before editing.
DeleteFile('C:\Windows\system32\Tasks\Steak','64');
DeleteFile('C:\Windows\system32\Tasks\Steak2','64');
// Mask '*' is broader than the extension list quarantined above, so files of other
// types in this folder are deleted without a quarantine copy.
DeleteFileMask('C:\Users\CHEKH\AppData\Local\Steak\', '*', true);
DeleteDirectory('C:\Users\CHEKH\AppData\Local\Steak\');
// Remove the netfilter2 service registration. No netfilter2 file is touched in this script.
DeleteService('netfilter2');
// BC_* calls presumably pass the pending tasks to AVZ's Boot Cleaner so that locked
// files are handled during the restart. ExecuteSysClean runs AVZ's system cleanup
// between them. Keep this order.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot to complete the cleanup.
RebootWindows(true);
end.
// Follow-up AVZ script, run separately: packs the quarantine into quarantine.zip in
// the AVZ program directory so the samples can be handed over for analysis.
// The archive holds suspected malicious files and should be treated as such.
begin
// 'CreateQurantineArchive' is spelled exactly as the script has it; do not "correct" it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.